Overview Updated date: Oct 25, 2024
Microsoft Azure services already operate in TLS 1.2-only mode by default. There are a limited number of services that still allow TLS 1.0 and 1.1 to be conf...
Updated Apr 16, 2025
Version 12.0
Blog Post
Typos:
Cipher suites that were considered safe in the past but are no longer strong enough or they PFS.
They -lack- PFS ?
For the sake of readability, favor the full form instead of just relying on acronyms i.e.: "Cipher suites that were considered safe in the past but are no longer strong enough or they lack Perfect Forward Secrecy (PFS)"
For legacy purposes (...)
Extra space before "For" ^
PolyChacha
There's no such thing; probably a typo/leftover from a draft.
ChaCha20-Poly1305 PolyChacha ciphers are supported by Windows and can be enabled in scenarios where customers control the OS.
This document is about the supported version of TLS and associated cipher suite across Azure services, at the fabric level. This comment is simply off-topic/unrelated.
For completeness sake, Microsoft should strive to support ChaCha20-Poly1305 across any and all services that support TLS 1.3 (such as API Management).
On a side note:
- You have an exact empty <h4> under "FAQ" (wasted space)
- The cipher suite list is misformatted
- The cipher suite list should mention that TLS_AES_256_GCM_SHA384 and TLS_AES_128_GCM_SHA256 belong to TLS1.3 (exclusively) while the rest of the list belongs to TLS1.2
Thank you
CommPM you might want to review this ^
CommPMMicrosoft
Typos were fixed.
I appreciate you taking the time to read my comment and consider my improvements.
There are a few bits missing still:
"(...) or they Perfect Forward Secrecy (PFS)."
Correct version:
(...) or they lack Perfect Forward Secrecy (PFS).
and the cipher list is still misformatted:
TLS_AES_256_GCM_SHA384 - TLS 1.3
TLS_AES_128_GCM_SHA256 - TLS 1.3are part of the same paragraph but should be separate ones.